Re: Compiling HostSentry

2001-06-25 Thread Gregoire Welraeds

According to man utmp on potato I386, PII:

 # a) Size of utmp record (sizeof(struct utmp)) for your host.
384
 # b) Offset to tty field from beginning of record.
6
 # c) Length of tty field.
32
 # d) Offset to username field from beginning of record.
42
 # e) Length of username field.
32
 # f) Offset to hostname field from beginning of record.
74
 # g) Length of hostname field.
256

If you have the same config as me, then, I think you can use these values.
Otherwise, you just have to write some C code to get the right answer. Like in:

quote

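#include <stdio.h>
#include <sys/types.h>
#include <utmp.h>

/* Print the utmp record size and field sizes for this host. */
int main(void)
{
    printf("size of utmp struct: %zu\n", sizeof(struct utmp));
    printf("size of ut_type: %zu\n", sizeof(short));
    printf("size of pid_t: %zu\n", sizeof(pid_t));
    /* tty offset taken as the sum of the sizes of the two fields before it */
    printf("offset of tty name: %zu\n", sizeof(pid_t) + sizeof(short));
    printf("size of tty name: %d\n", UT_LINESIZE);
    /* printf("offset of username: ...   (line cut off in the archived message) */
    return 0;
}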

/quote

signature
Grégoire Welraeds
gregoire (at) welraeds (dot) be
/signature

On Sun, 24 Jun 2001, Stefan Srdic wrote:

 Hey, I've compiled and installed HostSentry on my Potato box. I
 installed it under the /etc/hostsentry directory. I was editing the
 configuration file and got stumped over a setting.
 
 HostSentry needs to know the format of wtmp.
 
 Here's a snip from the conf file:
 
 # The basic things needed are:
 #
 # a) Size of utmp record (sizeof(struct utmp)) for your host.
 # b) Offset to tty field from beginning of record.
 # c) Length of tty field.
 # d) Offset to username field from beginning of record.
 # e) Length of username field.
 # f) Offset to hostname field from beginning of record.
 # g) Length of hostname field.
 #
 # The format is formed like this:
 #
 #
 
utmpRecordLength/ttyOffset:ttyLen/usernameOffset:usernameLen/hostnameOffset:hostnameLen
 
 #
 # For example on RedHat:
 #
 # utmp record size is: 384 bytes
 # tty entry offset is: 8 bytes
 # tty entry size from offset is: 32 bytes
 # username entry offet is: 44 bytes
 # username entry size from offset is: 32 bytes
 # hostname entry offset is: 76 bytes
 # hostname entry size from offset: 256 bytes
 #
 # This would be formed as 384/8:32/44:32/76:256
 #
 # NOTE: All of this garbage will hopefully go away on a future update when
 # I wrap native getutent() functions for Python.
 #
 # RedHat
 WTMP_FORMAT = 384/8:32/44:32/76:256
 # Slackware
 #WTMP_FORMAT = 56/8:12/28:8/36:16
 # BSD variants
 #WTMP_FORMAT = 36/0:8/8:8/16:16
 
 Where can I find this information? I've compiled this program before on
 Mandrake. The configuration was easy since I only had to follow the
 RedHat settings.
 
 I would like to get this program up and running. I want to learn how it
 works and then attempt to compile it into a deb package for unstable.
 
 I have this idea that if we can get logcheck, portsentry and hostsentry
 all compiled into deb packages that we could create an apt- script that
 would install the Abacus project all in one shot. It would be very useful
 for Debian sysadmins, and all apps could be launched via the same rc
 script.
 
 I would like to hear some of your answers and opinions please :-D
 
 Stef
 
 
 
 --  
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
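
Added example (not part of the original thread and not HostSentry's own code): a C program that derives the WTMP_FORMAT value discussed above from the host's struct utmp using offsetof(), then parses and bounds-checks a format string and extracts fields from a raw record. All function and type names are hypothetical, and it assumes a glibc-style <utmp.h> with ut_line, ut_user and ut_host.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <utmp.h>   /* assumed: glibc-style struct utmp (ut_line, ut_user, ut_host) */
struct field { size_t off, len; };   /* hypothetical names, not HostSentry's */
struct wtmp_format { size_t reclen; struct field tty, user, host; };

/* WTMP_FORMAT for this host. offsetof() includes alignment padding, which
 * adding up the sizes of the preceding fields would miss. */
int host_wtmp_format(char *out, size_t n)
{
    struct utmp u;
    return snprintf(out, n, "%zu/%zu:%zu/%zu:%zu/%zu:%zu", sizeof u,
        offsetof(struct utmp, ut_line), sizeof u.ut_line,
        offsetof(struct utmp, ut_user), sizeof u.ut_user,
        offsetof(struct utmp, ut_host), sizeof u.ut_host);
}

/* Parse "reclen/off:len/off:len/off:len"; return -1 on malformed input or
 * on any field that would extend past the end of a record. */
int parse_wtmp_format(const char *s, struct wtmp_format *f)
{
    int used = 0;
    if (strspn(s, "0123456789/:") != strlen(s) ||
        sscanf(s, "%zu/%zu:%zu/%zu:%zu/%zu:%zu%n", &f->reclen,
               &f->tty.off, &f->tty.len, &f->user.off, &f->user.len,
               &f->host.off, &f->host.len, &used) != 7 || s[used] != '\0')
        return -1;
    const struct field *v[] = { &f->tty, &f->user, &f->host };
    for (int i = 0; i < 3; i++)
        if (!v[i]->len || v[i]->off >= f->reclen || v[i]->len > f->reclen - v[i]->off)
            return -1;
    return 0;
}

/* Copy one field out of a raw record (n must be >= 1). utmp strings are
 * NUL-padded but not NUL-terminated when they fill the field. */
void get_field(const unsigned char *rec, struct field fl, char *out, size_t n)
{
    size_t len = fl.len < n - 1 ? fl.len : n - 1;
    memcpy(out, rec + fl.off, len);
    out[len] = '\0';
}

int main(void)
{
    char fmt[64];
    return host_wtmp_format(fmt, sizeof fmt) < 0 || printf("WTMP_FORMAT = %s\n", fmt) < 0;
}
```

Compiled and run on the target host, it prints the line to put in the HostSentry configuration file.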
 
 




nmap 2.12

2001-06-21 Thread Gregoire Welraeds

Hello,

I have recently installed a basic potato on a PII. While playing a little bit
around I find that the provided nmap was only a 2.12 version. It is a rather
old version of nmap (I have a 2.53 installed on a SuSE 6.3).

Is there any known reason for this choice ?

signature
Grégoire Welraeds
gregoire (at) welraeds (dot) be
/signature




Re: Filesystem permissions

2001-06-15 Thread Gregoire Welraeds

Hello, 

IMHO, this is really not a good idea. For example, processes like X or mysql will
need write access to /tmp. Also, user processes could need to have access to
directories like /var/spool/mail (any MUA for example). Apache and man need
access to the /var/cache directory. Some processes need access to /var/run
(apache, proftpd,...). As a matter of security, daemons that need access to
/tmp, /var, ... do not always run as root.

Furthermore, I don't see what the benefit of such a restriction is.
 
On Fri, 15 Jun 2001, Noah Meyerhans wrote:

 On Fri, Jun 15, 2001 at 02:16:21PM -0600, Stefan Srdic wrote:
  
  For example, could I mount /proc, /var and /tmp so that only root can
  r/w to those filesystems? Also, how could I implement the same thing but
  to the /etc directory and subdirectories?
  
 
 Why do you want to?  If nobody can read /proc then they can't run things
 like 'ps'.  That's not a good thing.  /etc is a similar case.  Depending
 on your installation, it's quite likely that there are things in /etc
 that *need* to be readable by a normal user.
 
 Have you got something specific that you want to hide from your users?
 Do you really distrust them that much?  I have had accounts on numerous
 public systems, including, for example, shell servers run by ISPs.  Not
 once have I ever seen one that restricted read access to /proc or /etc.
 
 noah
 
 -- 
  ___
 | Web: http://web.morgul.net/~frodo/
 | PGP Public Key: http://web.morgul.net/~frodo/mail.html 
 
 


